fix(manifests): add hostPID for hairpin

This is needed because #1582 which was recently merged relies upon finding the correct veth interface via /proc/<pid> which isn't available unless kube-router is in the same process namespace. hostPID and hostIPC was always required for DSR functionality, but now hostPID is needed for hairpin to be available.
2025-09-28 03:21:15 +02:00 · 2023-12-08 16:35:49 -06:00 · 2023-12-08 16:35:49 -06:00 · eb2628874c
commit eb2628874c
parent aebaa48ea1
11 changed files with 11 additions and 0 deletions
--- a/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
+++ b/daemonset/generic-kuberouter-all-features-advertise-routes.yaml
@ -143,6 +143,7 @@ spec:
        - name: kubeconfig
          mountPath: /var/lib/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/generic-kuberouter-all-features.yaml
+++ b/daemonset/generic-kuberouter-all-features.yaml
@ -139,6 +139,7 @@ spec:
        - name: kubeconfig
          mountPath: /var/lib/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/generic-kuberouter-only-advertise-routes.yaml
+++ b/daemonset/generic-kuberouter-only-advertise-routes.yaml
@ -64,6 +64,7 @@ spec:
          mountPath: /run/xtables.lock
          readOnly: false
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/generic-kuberouter.yaml
+++ b/daemonset/generic-kuberouter.yaml
@ -109,6 +109,7 @@ spec:
        - mountPath: /etc/kube-router
          name: kube-router-cfg
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
+++ b/daemonset/kube-router-all-service-daemonset-advertise-routes.yaml
@ -104,6 +104,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kube-router-all-service-daemonset.yaml
+++ b/daemonset/kube-router-all-service-daemonset.yaml
@ -100,6 +100,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kube-router-firewall-daemonset.yaml
+++ b/daemonset/kube-router-firewall-daemonset.yaml
@ -99,6 +99,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kube-router-proxy-daemonset.yaml
+++ b/daemonset/kube-router-proxy-daemonset.yaml
@ -99,6 +99,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kubeadm-kuberouter-all-features-hostport.yaml
+++ b/daemonset/kubeadm-kuberouter-all-features-hostport.yaml
@ -120,6 +120,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kubeadm-kuberouter-all-features.yaml
+++ b/daemonset/kubeadm-kuberouter-all-features.yaml
@ -113,6 +113,7 @@ spec:
        - name: kube-router-cfg
          mountPath: /etc/kube-router
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists
--- a/daemonset/kubeadm-kuberouter.yaml
+++ b/daemonset/kubeadm-kuberouter.yaml
@ -112,6 +112,7 @@ spec:
        - mountPath: /etc/kube-router
          name: kube-router-cfg
      hostNetwork: true
+      hostPID: true
      tolerations:
      - effect: NoSchedule
        operator: Exists